PerlMonks  

Re^2: Test Driven Development, for software and for pancakes

by talexb (Chancellor)
on Jul 24, 2017 at 14:01 UTC


in reply to Re: Test Driven Development, for software and for pancakes
in thread Test Driven Development, for software and for pancakes

    Are systems being hacked thru Perl?

To me, Perl is just a big lever, allowing me to make use of the underlying operating system to get things done efficiently. As far as vulnerabilities go, I see two possible vectors, 1. through Perl itself, and 2. through the underlying operating system.

Perl is open source -- so any dark corners or clever secrets would probably have been found and patched/removed long ago. It's under constant use in this day and age, so any security weakness would be found, discussed, patched and back-ported.

It's the underlying operating system's responsibility to make it impossible for any elevation of privileges or any unauthorized access. Again, any potential weaknesses are (should be) reported as soon as they're found, and updates made.

That's not to say that Perl is 100% safe (for some definition of 'safe'); you'd have to consult with a computer security expert on that. I'm not that guy. :)

Alex / talexb / Toronto

Thanks PJ. We owe you so much. Groklaw -- RIP -- 2003 to 2013.

Replies are listed 'Best First'.
Re^3: Test Driven Development, for software and for pancakes
by Your Mother (Archbishop) on Jul 24, 2017 at 15:00 UTC

    I offer 3. through the client or transport layer if mishandled at the code level. There have been some really esoteric bugs like the UTF-7 XSS exploit in older IEs. Not a lot of devs know/knew that even doing something as seemingly harmless, and rampantly common, as character encoding improperly could be a security hole.

        .. in older IEs ..

      Since IE is a Microsoft browser that only runs on Microsoft operating systems, my thinking is that this still falls under the second of my vectors, and is an extension of the operating system.

      As part of the testing of each version of Windows, it makes sense that Microsoft would test all versions of IE under each version of Windows. Whether or not each browser version and each operating system version is supported may be open to question or interpretation.

      Alex / talexb / Toronto

      Thanks PJ. We owe you so much. Groklaw -- RIP -- 2003 to 2013.

        Strangely enough there was a court case to decide this. M$FT said IE was a part of the OS, court said, nope. :P Though perhaps not unlike tomatoes. Sure they are really fruit but they are legally a vegetable. Human beings are weird.
